Site Navigation

Date:      Thu, 5 Sep 2019 16:51:04 +0000 (UTC)
From:      Kurt Jaeger <pi@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r511195 - in head/dns/powerdns: . files
Message-ID:  <201909051651.x85Gp4aM088542@repo.freebsd.org>

---

next in thread | raw e-mail | index | archive | help

---

Author: pi
Date: Thu Sep  5 16:51:04 2019
New Revision: 511195
URL: https://svnweb.freebsd.org/changeset/ports/511195

Log:
  dns/powerdns: upgrade 4.1.14 -> 4.2.0
  
  - Please note: to fix CVE-2019-10203, upgrading is not enough
    Manually apply the schema change:
    ALTER TABLE domains ALTER notified_serial TYPE bigint
    USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END;
  
  PR:		239850
  Submitted by:	Ralf van der Enden <tremere@cainites.net> (maintainer)
  MFH:		2019Q3
  Relnotes:	https://doc.powerdns.com/authoritative/changelog/4.2.html
  		http://blog.powerdns.com/2019/08/29/powerdns-authoritative-server-4-2-0/
  Security:	CVE-2019-10203

Added:
  head/dns/powerdns/files/patch-pdns_dns__random.cc   (contents, props changed)
  head/dns/powerdns/pkg-install   (contents, props changed)
Modified:
  head/dns/powerdns/Makefile
  head/dns/powerdns/distinfo
  head/dns/powerdns/files/pdns.in
  head/dns/powerdns/files/pkg-message.in
  head/dns/powerdns/pkg-plist

Modified: head/dns/powerdns/Makefile
==============================================================================
--- head/dns/powerdns/Makefile	Thu Sep  5 16:15:10 2019	(r511194)
+++ head/dns/powerdns/Makefile	Thu Sep  5 16:51:04 2019	(r511195)
@@ -1,10 +1,9 @@
 # $FreeBSD$
 
 PORTNAME=	powerdns
-DISTVERSION=	4.1.10
-PORTREVISION=	4
+DISTVERSION=	4.2.0
 CATEGORIES=	dns ipv6
-MASTER_SITES=	http://downloads.powerdns.com/releases/
+MASTER_SITES=	https://downloads.powerdns.com/releases/
 DISTNAME=	pdns-${DISTVERSION}
 
 MAINTAINER=	tremere@cainites.net
@@ -14,11 +13,11 @@ LICENSE=	GPLv2
 
 BROKEN_sparc64=		Does not compile: error: to_string is not a member of std
 
-LIB_DEPENDS=	libboost_serialization.so:devel/boost-libs
+LIB_DEPENDS=	libboost_serialization.so:devel/boost-libs \
+		libcurl.so:ftp/curl
 
 USES=		compiler:c++11-lib cpe gmake libtool localbase:ldflags pathfix \
 		pkgconfig ssl tar:bzip2
-
 USE_LDCONFIG=	YES
 USE_RC_SUBR=	pdns
 USE_SUBMAKE=	YES
@@ -35,27 +34,25 @@ INSTALL_TARGET=	install-strip
 SCRIPTS_ENV=	CURDIR2="${.CURDIR}" DISTNAME="${DISTNAME}" MKDIR="${MKDIR}" \
 		POWERDNS_OPTIONS="${POWERDNS_OPTIONS}" \
 		WRKDIRPREFIX="${WRKDIRPREFIX}"
-
 SUB_FILES=	pkg-message
 
-OPTIONS_DEFINE=		DOCS EXAMPLES LUAJIT MYDNS MYSQL OPENDBX OPENLDAP \
-			OPTALGO PGSQL PROTOBUF REMOTE SQLITE3 TINYDNS TOOLS \
-			UNIXODBC
-OPTIONS_DEFAULT=	MYSQL PGSQL SQLITE3
-
-OPTIONS_GROUP=			EXPERIMENTAL REMOTEOPT
-OPTIONS_GROUP_EXPERIMENTAL=	LUABACKEND
+OPTIONS_DEFINE=			DOCS EXAMPLES GEOIP LUABACKEND LUAJIT MYDNS \
+				MYSQL OPENDBX OPENLDAP PGSQL PROTOBUF REMOTE \
+				SQLITE3 TINYDNS TOOLS UNIXODBC
+OPTIONS_DEFAULT=		MYSQL PGSQL SQLITE3
+OPTIONS_GROUP=			GEOIPOPT REMOTEOPT
 OPTIONS_GROUP_REMOTEOPT=	ZEROMQ
 
 OPTIONS_SUB=	yes
 
-LUABACKEND_DESC=	Lua backend
+GEOIPOPT_DESC=		GeoIP DB options
+GEOIP_DESC=		GeoIP backend (GeoIP2 DB)
+LUABACKEND_DESC=	Lua2 backend
 LUAJIT_DESC=		Use LuaJIT instead of Lua
 MYDNS_DESC=		MyDNS backend
 MYSQL_DESC=		MySQL backend
 OPENDBX_DESC=		OpenDBX backend
 OPENLDAP_DESC=		OpenLDAP backend
-OPTALGO_DESC=		Enable optional algorithms (12, 15 & 16)
 PGSQL_DESC=		PostgreSQL backend
 PROTOBUF_DESC=		Protobuf support
 REMOTEOPT_DESC=		Remote backend connectors
@@ -65,11 +62,15 @@ TINYDNS_DESC=		TinyDNS backend
 TOOLS_DESC=		Build extra tools
 ZEROMQ_DESC=		Enable ZeroMQ connector (Implies REMOTE enabled)
 
-LUABACKEND_VARS=	MODULES+=lua
+GEOIP_LIB_DEPENDS=	libmaxminddb.so:net/libmaxminddb \
+			libyaml-cpp.so:devel/yaml-cpp
+GEOIP_VARS=		MODULES+=geoip
 
+LUABACKEND_VARS=	MODULES+=lua2
+
 LUAJIT_LIB_DEPENDS=	libluajit-5.1.so.2:lang/luajit
 LUAJIT_USES_OFF=	lua
-LUAJIT_CONFIGURE_WITH=	luajit
+LUAJIT_CONFIGURE_ON=	--with-lua=luajit
 
 MYDNS_USES=		mysql
 MYDNS_CONFIGURE_ON=	--with-mysql=${LOCALBASE}
@@ -87,13 +88,6 @@ OPENLDAP_USE=		OPENLDAP=YES
 OPENLDAP_CXXFLAGS=	-DLDAP_DEPRECATED=1
 OPENLDAP_VARS=		MODULES+=ldap
 
-OPTALGO_LIB_DEPENDS=	libbotan-2.so:security/botan2 \
-			libdecaf.so:security/libdecaf \
-			libsodium.so:security/libsodium
-OPTALGO_CONFIGURE_ON=	--enable-botan \
-			--enable-libdecaf \
-			--enable-libsodium
-
 PGSQL_USES=		pgsql
 PGSQL_CONFIGURE_ON=	--with-pg-config=${LOCALBASE}/bin/pg_config
 PGSQL_VARS=		MODULES+=gpgsql
@@ -120,9 +114,18 @@ ZEROMQ_IMPLIES=		REMOTE
 ZEROMQ_LIB_DEPENDS=	libzmq.so:net/libzmq4
 ZEROMQ_CONFIGURE_ON=	--enable-remotebackend-zeromq
 
+.include <bsd.port.pre.mk>
+
+.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1200085 && ${SSL_DEFAULT} != openssl111
+CONFIGURE_ARGS+=	--with-libdecaf \
+			--with-libsodium
+LIB_DEPENDS+=		libdecaf.so:security/libdecaf \
+			libsodium.so:security/libsodium
+.endif
+
 post-install::
 	@${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
 	@${STAGEDIR}${LOCALBASE}/sbin/pdns_server --module-dir=${STAGEDIR}${LOCALBASE}/lib/pdns --launch="pipe bind ${MODULES}" --config > ${STAGEDIR}${EXAMPLESDIR}/pdns.conf
 	@${REINPLACE_CMD} -e 's;${STAGEDIR};;' -i '' ${STAGEDIR}${EXAMPLESDIR}/pdns.conf
 
-.include <bsd.port.mk>
+.include <bsd.port.post.mk>

Modified: head/dns/powerdns/distinfo
==============================================================================
--- head/dns/powerdns/distinfo	Thu Sep  5 16:15:10 2019	(r511194)
+++ head/dns/powerdns/distinfo	Thu Sep  5 16:51:04 2019	(r511195)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1561114944
-SHA256 (pdns-4.1.10.tar.bz2) = 5a46cfde92caaaa2e85af9a15acb9ad81b56f4c8a8255c457e6938d8c0cb15c7
-SIZE (pdns-4.1.10.tar.bz2) = 1117663
+TIMESTAMP = 1567076172
+SHA256 (pdns-4.2.0.tar.bz2) = 222007f25e25aad71ac7d8b7f1797a4bcb30781e456d74ed00396e53828a903a
+SIZE (pdns-4.2.0.tar.bz2) = 1249282

Added: head/dns/powerdns/files/patch-pdns_dns__random.cc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/dns/powerdns/files/patch-pdns_dns__random.cc	Thu Sep  5 16:51:04 2019	(r511195)
@@ -0,0 +1,12 @@
+--- pdns/dns_random.cc.orig	2018-11-29 12:53:42 UTC
++++ pdns/dns_random.cc
+@@ -40,7 +40,9 @@
+ #include <openssl/rand.h>
+ #endif
+ #if defined(HAVE_GETRANDOM)
++extern "C" {
+ #include <sys/random.h>
++}
+ #endif
+ 
+ static enum DNS_RNG {

Modified: head/dns/powerdns/files/pdns.in
==============================================================================
--- head/dns/powerdns/files/pdns.in	Thu Sep  5 16:15:10 2019	(r511194)
+++ head/dns/powerdns/files/pdns.in	Thu Sep  5 16:51:04 2019	(r511195)
@@ -4,7 +4,7 @@
 #
 
 # PROVIDE: pdns_server
-# REQUIRE: DAEMON SERVERS
+# REQUIRE: DAEMON SERVERS mysql postgresql slapd
 # KEYWORD: shutdown
 
 #

Modified: head/dns/powerdns/files/pkg-message.in
==============================================================================
--- head/dns/powerdns/files/pkg-message.in	Thu Sep  5 16:15:10 2019	(r511194)
+++ head/dns/powerdns/files/pkg-message.in	Thu Sep  5 16:51:04 2019	(r511195)
@@ -15,9 +15,9 @@ EOM
 { type: upgrade
   maximum_versio: 3.4
   message: <<EOM
- ---------------------------------------------
- IMPORTANT: PowerDNS Authoritive Server 3.4.0+:
- ---------------------------------------------
+ -----------------------------------------------
+ IMPORTANT: PowerDNS Authoritative Server 3.4.0+:
+ -----------------------------------------------
  This version needs a mandatory schema change for the gmsyql,
  gpgsql and gsqlite3 backends. SQL statements are available in
  %%DOCSDIR%% or http://doc.powerdns.com

Added: head/dns/powerdns/pkg-install
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/dns/powerdns/pkg-install	Thu Sep  5 16:51:04 2019	(r511195)
@@ -0,0 +1,42 @@
+#! /bin/sh
+
+# $FreeBSD$
+
+PATH=/bin:/usr/bin:/usr/sbin
+
+securitywarning() {
+cat <<EOF
+
+  === IMPORTANT FOR GPGSQL BACKEND USERS! ===
+  The following only impacts anyone using the
+  gpgsql (PostgreSQL) backend:
+
+  An issue has been found in PowerDNS
+  Authoritative Server allowing an authorized
+  user to cause the server to exit by
+  inserting a crafted record in a MASTER type
+  zone under their control. The issue is due
+  to the fact that the Authoritative Server
+  will exit when it tries to store the
+  notified serial in the PostgreSQL database,
+  if this serial cannot be represented in 31
+  bits.
+
+  To fix the issue, run the following command
+  against your PostgreSQL pdns database:
+
+  ALTER TABLE domains ALTER notified_serial
+  TYPE bigint USING CASE WHEN notified_serial
+  >= 0 THEN notified_serial::bigint END;
+
+  No software changes are required.
+  ===========================================
+EOF
+}
+
+case $2 in
+PRE-INSTALL)
+        securitywarning
+        sleep 5
+        ;;
+esac

Modified: head/dns/powerdns/pkg-plist
==============================================================================
--- head/dns/powerdns/pkg-plist	Thu Sep  5 16:15:10 2019	(r511194)
+++ head/dns/powerdns/pkg-plist	Thu Sep  5 16:51:04 2019	(r511195)
@@ -4,8 +4,10 @@ bin/zone2json
 bin/zone2sql
 sbin/pdns_server
 %%PROTOBUF%%bin/dnspcap2protobuf
+%%TOOLS%%bin/calidns
 %%TOOLS%%bin/dnsbulktest
 %%TOOLS%%bin/dnsgram
+%%TOOLS%%bin/dnspcap2calidns
 %%TOOLS%%bin/dnsreplay
 %%TOOLS%%bin/dnsscan
 %%TOOLS%%bin/dnsscope
@@ -21,7 +23,8 @@ sbin/pdns_server
 %%TOOLS%%bin/stubquery
 lib/pdns/libbindbackend.so
 lib/pdns/libpipebackend.so
-%%LUABACKEND%%lib/pdns/libluabackend.so
+%%GEOIP%%lib/pdns/libgeoipbackend.so
+%%LUABACKEND%%lib/pdns/liblua2backend.so
 %%MYDNS%%lib/pdns/libmydnsbackend.so
 %%MYSQL%%lib/pdns/libgmysqlbackend.so
 %%OPENDBX%%lib/pdns/libopendbxbackend.so
@@ -35,6 +38,7 @@ lib/pdns/libpipebackend.so
 %%TOOLS%%man/man1/calidns.1.gz
 %%TOOLS%%man/man1/dnsbulktest.1.gz
 %%TOOLS%%man/man1/dnsgram.1.gz
+%%TOOLS%%man/man1/dnspcap2calidns.1.gz
 %%TOOLS%%man/man1/dnsscan.1.gz
 %%TOOLS%%man/man1/dumresp.1.gz
 %%TOOLS%%man/man1/ixplore.1.gz
@@ -59,6 +63,10 @@ man/man1/zone2sql.1.gz
 %%PORTEXAMPLES%%@dir %%EXAMPLESDIR%%
 %%MYSQL%%%%PORTDOCS%%%%DOCSDIR%%/3.4.0_to_4.1.0_schema.mysql.sql
 %%PGSQL%%%%PORTDOCS%%%%DOCSDIR%%/3.4.0_to_4.1.0_schema.pgsql.sql
+%%SQLITE3%%%%PORTDOCS%%%%DOCSDIR%%/3.4.0_to_4.0.0_schema.sqlite3.sql
+%%SQLITE3%%%%PORTDOCS%%%%DOCSDIR%%/4.0.0_to_4.2.0_schema.sqlite3.sql
+%%MYSQL%%%%PORTDOCS%%%%DOCSDIR%%/4.1.0_to_4.2.0_schema.mysql.sql
+%%PGSQL%%%%PORTDOCS%%%%DOCSDIR%%/4.1.0_to_4.2.0_schema.pgsql.sql
 %%MYSQL%%%%PORTDOCS%%%%DOCSDIR%%/dnssec-3.x_to_3.4.0_schema.mysql.sql
 %%PGSQL%%%%PORTDOCS%%%%DOCSDIR%%/dnssec-3.x_to_3.4.0_schema.pgsql.sql
 %%SQLITE3%%%%PORTDOCS%%%%DOCSDIR%%/dnssec-3.x_to_3.4.0_schema.sqlite3.sql

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201909051651.x85Gp4aM088542>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact